JP Vossen on 23 Mar 2011 13:23:34 -0700


[PLUG] Is there a better name for...

...a "log check"?

I've talked about this before; there is a package in Debian & Ubuntu, and a project site:
* logcheck - mails anomalies in the system logfiles to the administrator

The idea is simple at a high level and works really well, though there can be implementation gotchas.

You take your logs, or output, or whatever and:
1) Remove stuff you recognize and don't care about
2) Find stuff you *know* is bad, but then remove stuff that only *looks* bad
3) Take the remainder

So you end up with 2 buckets:
A) Stuff you know is bad
B) Stuff you don't recognize (so either it's bad or you tune it out)

Then over time you tune your patterns (usually regular expressions) to reduce "B."

This turns out to be really useful for log monitoring, or handling the output from long noisy processes (like compiles that don't set good exit codes).

To the best of my knowledge [1], Marcus J. Ranum and Fred Avolio wrote the oldest implementation in this context with the '' script for TIS Gauntlet, circa the early 1990s. But it seems like it should be a basic sort of "Computer Science" thing, related to filtering or something. So, can anyone think of a better name and/or older example for this process or concept?

JP Vossen, CISSP            |:::======|
My Account, My Opinions     |=========|
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
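The three-step filter described in the post, as an added Python example (this is not logcheck's own code); the sample log lines, patterns, hostnames, user names and addresses are all constructed for illustration:

```python
import re

# Added example, not logcheck's own code: the three-step filter from the post,
# run over constructed sample syslog lines (host, users and addresses are made up).
SAMPLE_LOGS = [
    "Mar 23 13:20:01 host CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar 23 13:21:07 host sshd[2345]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2",
    "Mar 23 13:21:09 host sshd[2346]: Accepted publickey for jp from 192.0.2.20 port 51235 ssh2",
    "Mar 23 13:22:15 host kernel: usb 1-1: new high-speed USB device number 4",
    "Mar 23 13:22:30 host sudo: jp : TTY=pts/0 ; PWD=/home/jp ; USER=root ; COMMAND=/usr/bin/apt-get update",
    "Mar 23 13:22:45 host myapp[3456]: ERROR: connection refused by db.example.test",
    "Mar 23 13:23:00 host myapp[3456]: ERROR counter reset: 0 errors since boot",
]

# Step 1: lines you recognize and don't care about.
IGNORE = [re.compile(p) for p in (
    r" CRON\[\d+\]: \(root\) CMD \(run-parts ",
    r" sshd\[\d+\]: Accepted publickey for \w+ from ",
)]
# Step 2: lines you *know* are bad ...
VIOLATIONS = [re.compile(p) for p in (
    r" sshd\[\d+\]: Failed password for ",
    r"\bERROR\b",
    r" sudo: .* COMMAND=",
)]
# ... minus lines that only *look* bad (a violation pattern matched, but it is benign).
# An exempted line is not thrown away: unless step 1 also recognizes it, it lands in
# bucket B, which is the "tune it out" signal the post describes.
VIOLATION_EXCEPTIONS = [re.compile(p) for p in (
    r"ERROR counter reset: 0 errors",
)]

def check_logs(lines):
    """Return the two buckets: (A) known bad, (B) unrecognized remainder."""
    known_bad, unrecognized = [], []
    for line in lines:
        if any(p.search(line) for p in IGNORE):
            continue                                    # step 1: drop
        if any(p.search(line) for p in VIOLATIONS) and \
           not any(p.search(line) for p in VIOLATION_EXCEPTIONS):
            known_bad.append(line)                      # bucket A
        else:
            unrecognized.append(line)                   # bucket B: step 3 remainder
    return known_bad, unrecognized

if __name__ == "__main__":
    for label, bucket in zip(("A) known bad", "B) unrecognized"), check_logs(SAMPLE_LOGS)):
        print(label)
        for line in bucket:
            print("  ", line)
```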